CVE List - 2022 / January
Showing 401 - 500 of 1988 CVEs for January 2022 (Page 5 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-23154 | 2022-01-10 | Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided |
| CVE-2021-23218 | 2022-01-10 | Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service |
| CVE-2022-22120 | 2022-01-10 | NocoDB - Observable Discrepancy in the password-reset feature |
| CVE-2022-22121 | 2022-01-10 | NocoDB - CSV Injection in User Management |
| CVE-2022-0158 | 2022-01-10 | Heap-based Buffer Overflow in vim/vim |
| CVE-2022-0157 | 2022-01-10 | Cross-site Scripting (XSS) - Stored in phoronix-test-suite/phoronix-test-suite |
| CVE-2021-43297 | 2022-01-10 | Dubbo Hessian cause RCE when parse error |
| CVE-2021-43951 | 2022-01-10 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object... |
| CVE-2021-43949 | 2022-01-10 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature.... |
| CVE-2022-0156 | 2022-01-10 | Use After Free in vim/vim |
| CVE-2022-22116 | 2022-01-10 | Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload |
| CVE-2022-22117 | 2022-01-10 | Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image |
| CVE-2022-22114 | 2022-01-10 | Teedy - Reflected Cross-Site Scripting (XSS) in the Search Functionality |
| CVE-2022-22115 | 2022-01-10 | Teedy - Stored Cross-Site Scripting (XSS) in Tag Name |
| CVE-2021-24862 | 2022-01-10 | RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection |
| CVE-2021-24948 | 2022-01-10 | The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure |
| CVE-2021-24949 | 2022-01-10 | The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection |
| CVE-2021-25043 | 2022-01-10 | WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting |
| CVE-2021-25047 | 2022-01-10 | 10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-25051 | 2022-01-10 | Modal Window < 5.2.2 - RFI leading to RCE via CSRF |
| CVE-2021-25052 | 2022-01-10 | Button Generator < 2.3.3 - RFI leading to RCE via CSRF |
| CVE-2021-25053 | 2022-01-10 | WP Coder < 2.5.2 - RFI leading to RCE via CSRF |
| CVE-2021-25054 | 2022-01-10 | WPcalc <= 2.1 - Authenticated SQL Injection |
| CVE-2022-0174 | 2022-01-10 | Improper Validation of Specified Quantity in Input in dolibarr/dolibarr |
| CVE-2020-28679 | 2022-01-10 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request. |
| CVE-2022-0155 | 2022-01-10 | Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects/follow-redirects |
| CVE-2022-21666 | 2022-01-10 | SQL Injection in useredit.php |
| CVE-2022-21668 | 2022-01-10 | Pipenv's requirements.txt parsing allows malicious index url in comments |
| CVE-2022-21670 | 2022-01-10 | Uncontrolled Resource Consumption in markdown-it |
| CVE-2022-21672 | 2022-01-10 | /etc/pki/tls and /etc/ssl/certs include distrusted certificates in make-ca |
| CVE-2020-25427 | 2022-01-10 | A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service. |
| CVE-2021-44647 | 2022-01-11 | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. |
| CVE-2022-21669 | 2022-01-11 | Bot token exposed in main.py |
| CVE-2022-0144 | 2022-01-11 | Improper Privilege Management in shelljs/shelljs |
| CVE-2021-37195 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4... |
| CVE-2021-37196 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3... |
| CVE-2021-37197 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4... |
| CVE-2021-37198 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4... |
| CVE-2021-41769 | 2022-01-11 | A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5... |
| CVE-2021-45033 | 2022-01-11 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All... |
| CVE-2021-45034 | 2022-01-11 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All... |
| CVE-2021-45460 | 2022-01-11 | A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers... |
| CVE-2022-21671 | 2022-01-11 | Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis |
| CVE-2021-43566 | 2022-01-11 | All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of... |
| CVE-2022-0170 | 2022-01-11 | Improper Access Control in chocobozzz/peertube |
| CVE-2020-28102 | 2022-01-11 | cscms v4.1 allows for SQL injection via the "js_del" function. |
| CVE-2020-28103 | 2022-01-11 | cscms v4.1 allows for SQL injection via the "page_del" function. |
| CVE-2021-29701 | 2022-01-11 | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions... |
| CVE-2021-38991 | 2022-01-11 | IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force... |
| CVE-2022-0173 | 2022-01-11 | Out-of-bounds Read in radareorg/radare2 |
| CVE-2022-0129 | 2022-01-11 | DLL Highjack vulnerability in McAfee TechCheck utility |
| CVE-2021-43052 | 2022-01-11 | TIBCO FTL Secret Generation Vulnerability |
| CVE-2021-43053 | 2022-01-11 | TIBCO FTL Secret Exposure Vulnerability |
| CVE-2021-43054 | 2022-01-11 | TIBCO eFTL Token Generation Vulnerability |
| CVE-2021-43055 | 2022-01-11 | TIBCO eFTL Token Caching Vulnerability |
| CVE-2021-34704 | 2022-01-11 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability |
| CVE-2021-1573 | 2022-01-11 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability |
| CVE-2021-43971 | 2022-01-11 | A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. |
| CVE-2021-43972 | 2022-01-11 | An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with... |
| CVE-2021-43973 | 2022-01-11 | An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST... |
| CVE-2021-43974 | 2022-01-11 | An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous... |
| CVE-2022-21833 | 2022-01-11 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability |
| CVE-2022-21834 | 2022-01-11 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability |
| CVE-2022-21835 | 2022-01-11 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| CVE-2022-21836 | 2022-01-11 | Windows Certificate Spoofing Vulnerability |
| CVE-2022-21837 | 2022-01-11 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2022-21838 | 2022-01-11 | Windows Cleanup Manager Elevation of Privilege Vulnerability |
| CVE-2022-21839 | 2022-01-11 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
| CVE-2022-21840 | 2022-01-11 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2022-21841 | 2022-01-11 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2022-21842 | 2022-01-11 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2022-21843 | 2022-01-11 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |
| CVE-2022-21846 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21847 | 2022-01-11 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2022-21848 | 2022-01-11 | Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability |
| CVE-2022-21849 | 2022-01-11 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability |
| CVE-2022-21850 | 2022-01-11 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-21851 | 2022-01-11 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2022-21852 | 2022-01-11 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-21855 | 2022-01-11 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2022-21857 | 2022-01-11 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2022-21858 | 2022-01-11 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| CVE-2022-21859 | 2022-01-11 | Windows Accounts Control Elevation of Privilege Vulnerability |
| CVE-2022-21860 | 2022-01-11 | Windows AppContracts API Server Elevation of Privilege Vulnerability |
| CVE-2022-21861 | 2022-01-11 | Task Flow Data Engine Elevation of Privilege Vulnerability |
| CVE-2022-21862 | 2022-01-11 | Windows Application Model Core API Elevation of Privilege Vulnerability |
| CVE-2022-21863 | 2022-01-11 | Windows StateRepository API Server file Elevation of Privilege Vulnerability |
| CVE-2022-21864 | 2022-01-11 | Windows UI Immersive Server API Elevation of Privilege Vulnerability |
| CVE-2022-21865 | 2022-01-11 | Connected Devices Platform Service Elevation of Privilege Vulnerability |
| CVE-2022-21866 | 2022-01-11 | Windows System Launcher Elevation of Privilege Vulnerability |
| CVE-2022-21867 | 2022-01-11 | Windows Push Notifications Apps Elevation of Privilege Vulnerability |
| CVE-2022-21868 | 2022-01-11 | Windows Devices Human Interface Elevation of Privilege Vulnerability |
| CVE-2022-21869 | 2022-01-11 | Clipboard User Service Elevation of Privilege Vulnerability |
| CVE-2022-21870 | 2022-01-11 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
| CVE-2022-21871 | 2022-01-11 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability |
| CVE-2022-21872 | 2022-01-11 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2022-21873 | 2022-01-11 | Tile Data Repository Elevation of Privilege Vulnerability |
| CVE-2022-21874 | 2022-01-11 | Windows Security Center API Remote Code Execution Vulnerability |
| CVE-2022-21875 | 2022-01-11 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2022-21876 | 2022-01-11 | Win32k Information Disclosure Vulnerability |